The Cloud Modeling And Design

Published Date: 02 Nov 2017

Cloud computing is one of the best ways to reduce the IT cost and complexity, while helping to optimize the workload and provide the highest possible availability to the user base. Cloud computing utilizes a dynamic infrastructure that is specifically designed to provide more services and capacity while using fewer server resources.

The rapid growth of cloud computing offers tremendous potential for efficiency, cost saving and innovations to government, businesses and individuals alike. The key features of the cloud are, i) ability to scale and provide needed data storage, ii) computing power dynamically in a cost efficient way. These benefits will improve, i) government services and citizen access, ii) transform businesses, iii) provide new innovations to consumers, iv) improve important services such as, health care and government-provided services and v) create energy savings.

Achieving the full potential of cloud computing requires cooperation between governments, industry and individual users. To realize this transformative potential, i) build confidence in cloud by protecting users’ interests, ii) promote the developments of standards and needed infrastructure, iii) clarify laws and policies to promote investment in cloud computing.

The following factors and policies are key to promoting the development and adoption of efficient and innovative cloud computing services:

1. Cloud users need assurance regarding security risks associated with storing their data and running their applications on cloud systems. To achieve the needed security, cloud service providers must adopt comprehensive security practices and procedures including:

Well-recognized, transparent and verifiable security criteria.

Robust identity, authentication and access control mechanisms with high level of sensitivity of the data.

Comprehensive and ongoing testing of security measures before and after deployment.

2. Illicit activities in cloud computing environments such as digital theft, fraud and malicious hacking are a threat to both users of the cloud and service providers.

Applicable laws should be updated to provide meaningful deterrents and clear criminal and civil causes of action against fraud, malicious hacking and other harmful activity and new laws should be enacted where needed.

3. Data portability and seamless use of interoperable applications are key consideration for all cloud users.

Cloud providers must work together to ensure that interoperability and portability are addressed through open collaboration and the appropriate use of standards and by using and adopting existing standards wherever appropriate

Government agencies should permit standards for interoperability and portability to be developed in industry-led standard processes. The government should convene industry to accelerate standards development and share its user-requirements with industry-led, open standard setting organizations.

As the government develops and deploys cloud computing solutions it should disclose its requirements to the public.

4. Cloud users need assurance that their private information stored, processed and communicated in the cloud will not be used or disclosed by the cloud provider in unexpected ways.

Cloud providers should establish privacy policies that are appropriate for the particular cloud service they provide and business model they employ. They should make full and prominent disclosure of such policies and should give reasonable advance notification to their customers of any changes in those policies.

Governments should accord similar protections from disclosure of data to the government held by cloud providers as are currently applied to data held on a person’s own computer or within a business’ on-premises data center.

5. Providers of cloud computing technologies and services, as with other highly innovative technologies, rely on patents, copyrights and other forms of intellectual property protection, i.e. Intellectual property laws should provide for clear protection and vigorous enforcement against misappropriation and infringement.

6. Cloud technologies operate across national boundaries and their success depends on access to global markets. Countries should commit to a moratorium on implementing policies that create actual or potential trade barriers to the evolution of cloud computing and should assess existing international trade rules and update them where needed.

3.1.1 Key principles of Cloud Computing

Three key principles of cloud computing are i) abstraction, ii) automation and iii) elasticity:

1: Abstraction

For decades, IT providers have tried to standardize their operations so they can concentrate on optimizing their IT. But this is in contrast to what IT developers and users want. There is much for standardization and thus ended up with dozens of different versions of the same services, hundreds of different services that grew up over time. Cloud computing has found a way to break out of this as cloud gives just a few basic but well-defined services. Take it or leave it. "Do you like our simple, Restful interface? Fine, use it!", or: "Oh, you want your own special custom version? Sorry, we don't have it. Go away." It's that simple.

This is obviously good for cloud providers, because they now can optimize it out of their infrastructure and provide nice, massive scale, low-cost, simple to administer services, which is every IT provider's dream come true. The new thing here is that now the developers have realized this is good for them. They can now use whatever version of their software they want, on whatever OS they want and get as many updates as they want, without having to ask their IT provider.

Now the burden of managing the software falls onto the developer or user but in the end this is a win-win for both, because both sides know exactly what to expect from the other, the rules are clear and the interface between provider and developer or user is well-defined. So the key point here is that well-defined abstraction layers between clouds and developers or users are the grease that lets both sides operate efficiently and completely independent of each other.

1.1: Layers of Abstraction in Clouds

There are three layers of abstraction in clouds:

Application as a Service (AaaS)

This is what the end-user gets when they use a service like Gmail, DropBox, the myriads of Facebook apps, SmugMug or even Adobe's online photoshop web service. AaaS services are very popular and there's really no reason to start a new application any other way today.

Platform as a Service (PaaS)

The abstraction layer here is some kind of developer environment but the details of implementation (OS, Hardware, etc.) are completely hidden. Users just need to get a programming language and some APIs/Libraries and go off. This is what Zembly or the Google App Engine gives. This is the development model of the future - develop against the cloud, no need to know the details behind it.

Infrastructure as a Service (IaaS)

These are the Amazon S3s, EC2s, etc. and recently introduced new version of IaaS is the Sun Cloud. In this model, users get access to a virtual server or virtual storage, treat them like real machines but the physical details of which machine is in which rack or which disks used are hidden.

Most discussions around clouds center on IaaS but remember that the basic principle of abstraction applies to the other two as well. Also, many AaaS offerings are either implemented on top of PaaS or IaaS offerings on someone else's cloud.

2: Automation

Again, this may seem like nothing new, because IT operators have tried to automate as much as possible within their datacenters. From the history of Sun MC through N1 and now xVM Ops Center and other people's Tivoli's, OpenView, there are lots in data center automation. None of these provided true one-click setup or tear-down of a complete server over the public internet.

Automation in the cloud means that the developers or users have complete automatic control over their resources. There is no human interaction, even from a developer or user perspective. In this environment when the user needs more servers, the load balancer intimates the cloud how many more to be provided. No need to wait for someone to unpack and cable your machine, no need to wait for your IT department to find the time to install. Everything is automatic.

Again, this is a win-win for both sides. While full automation reduces cost and complexity for the cloud provider, it puts the developer or user in control. Now the user can reduce his time to market for the next rollout because he can do it yourself, fully automatic and don't need to call anybody, rely on someone else to set up stuff for him, or wait days until some minor hardware or software installation is completed.

3: Elasticity

In the nineties, people bought large, expensive, scalable servers and waited for them to fill up over time as their companies grew. This was of course highly inefficient because most of the time they didn't use most of the server. After the dot-com bust, people became smarter and started scaling horizontally. That allowed them to add capacity to their datacenter in smaller chunks and on an as-needed basis. But what if they need a lot of capacity on one day but the next day back to humble levels of usage, because it's the weekend or the wrong season or there's a major recession coming up? As an extreme case: what if you ran the Olympics website and the games are just over?

That's when elasticity comes in very handy: User can easily scale up the cloud usage, also easily scale it down again. One day user can have 500 web servers, 50 app servers and 10 database servers, the next day it could easily go back to the old 50:5:2 ratio. And user will pay for what he used.

3.1.2. Example Cloud Environment

IBM Power Systems is in an ideal solution for cloud environments.  There are a number of ways in which IBM Power Systems can be the foundation for the cloud.

The Right Kind of Workload Optimization

At the core of cloud computing is this idea of optimizing the workload. This allows the user to make the most of their IT resources while increasing the overall flexibility. Power Systems use technology like IBM’s New Intelligent Threads to switch between processor threading dynamically. The Power Systems TurboCore mode lets us to provide the most performance per core for things like database or transaction workloads. Active Memory expansion lets you expand your physical memory logically by as much as 100% for memory-intensive workloads like SAP.

Limitless Virtualization

With PowerVM, the virtualization component of IBM Power Systems, user can virtualize not just processor resources but memory and I/O resources as well. They can use PowerVM to adjust capacity in a dynamic fashion, to move workloads between servers and to maximize availability. This kind of virtualization even allows preventing planned downtime.

Automated Management

Being able to provision resources within the cloud is the key to maximizing utilization and efficiency. It also helps to reduce total cost of owner (TCO) and management costs. Utilizing IBM Systems Director Enterprise for Power Systems, user has a way to manage physical as well as virtual servers in an automated fashion. These tools are cross-platform which means, no matter what kind of environment is, the Power Systems cloud can provision virtual machine images and effectively allocate resources, all while providing the user with an accurate picture of how systems are operating.

Solutions of All Kinds

No matter the shape, size or composition of the cloud, IBM Power Systems has a possible solution. Here are a few of the specific offerings:

•    IBM CloudBurst

CloudBurst lets the data center quickly create and implement a private cloud environment. It’s a cloud computing quick start aimed at a defined portion of the data center.

•    IBM WebSphere CloudBurst Appliance

This offering lets to deploy and manage the SOA foundation in a cloud computing environment and easily deploys WebSphere virtual images to the Power Systems partitions.

•    IBM Smart Business Development and Test Cloud

This solution lets the user to create a private cloud environment for the purposes of development and testing, reducing the operating costs and test cycle times.

3.2 Model for Federated Cloud Computing

3.2.1 Cloud federation

Cloud federation is the interconnecting the cloud computing environments with two or more service providers for load balancing traffic and accommodating spikes in demand. Cloud federation requires one provider to wholesale or rent computing resources to another cloud provider. Those resources become a temporary or permanent extension of the buyer's cloud computing environment, depending on the specific federation agreement between providers. 

Cloud federation offers two substantial benefits to cloud providers. First, it allows providers to earn revenue from computing resources that would otherwise be idle or underutilized. Second, cloud federation enables cloud providers to expand their geographic footprints and accommodate sudden spikes in demand without having to build new points-of-presence (POPs).

Service providers strive to make all aspects of cloud federation i.e. from cloud provisioning to billing support systems (BSS) and customer support i.e. transparent to customers. When federating cloud services with a partner, cloud providers will also establish extensions of their customer-facing service-level agreements (SLAs) into their partner provider's data centers.  

3.2.2 What Is Cloud Federation?

Federation brings together different cloud flavors and internal resources so companies can select a computing environment on demand that makes sense for a particular workload. It opens the door to a range of useful scenarios that take advantage of cloud capabilities.

Using multiple clouds for different applications to match business needs, for example, Amazon AWS or Rackspace could be used for applications that need large horizontal scale and Savvis or Terremark for applications that need stronger SLAs and higher security. An internal cloud is another federation option for applications that need to live behind the corporate firewall.

Allocating different elements of an application to different environments, whether internal or external, for example, an application could run in a cloud while accessing data stored internally as a security precaution.

Moving an application to meet requirements at different stages in its lifecycle, whether between public clouds or back to the data center, for example, Amazon or Terremark's vCloud Express could be used for development and when the application is ready for production it could move to Terremark's Enterprise Cloud or similar clouds. This is also important as applications move towards the end of their lifecycle, where they can be moved to lower-cost cloud infrastructure as their importance and duty-cycle patterns diminish.

Enterprise users don’t typically talk about federation, they speak in terms of application-specific and general business requirements. While some applications will always belong in their data center, they may have others (possibly hundreds) that could run more cost-effectively in the right cloud. The problem is that the cloud is not a homogenous entity but covers a broad landscape of computing environments, with no consistency between any of them or with the enterprise data center. Federation is the missing link, providing a structure that bridges these disparate environments so enterprise cloud computing can become as seamless and straightforward as it needs to be. Following are some of the key issues:

Bridging the Differences

An application should be able to run "as is" in any cloud with the resources to support it. But each cloud has its own server platforms, operating system versions, APIs, network settings, storage options. Without federation, each cloud deployment becomes a custom "one-off" exercise to meet the requirements of a particular cloud environment. That’s not acceptable internally and companies are now demanding the ability to leverage different clouds without the underlying engineering efforts required to make it happen.

Setting Consistent Rules

Rules and permissions about what employees can do in the cloud must be consistent with those in the data center. Role-based controls are required, for example, to enable a particular individual or group to create servers but not to delete or modify them. However, in these early days of cloud computing, the standard procedure is to allow cloud users access to the cloud credentials, essentially every user has full control and access to the cloud resources. This not only causes control issues but makes auditing and problem resolution difficult, since it is unclear who is responsible for any particular action.

Streamlining Cloud Management

Federation also means that administrators should be able to manage applications running in one or more clouds as if they were running locally, using their familiar tools and processes for application lifecycle management, monitoring, compliance management, etc. But cloud computing involves a wide assortment of isolated environments to keep track of and manage. Adding to the complexity, cloud providers often have their own management tools that users or administrators need to learn, all different from each other and from what enterprises have internally.

Bringing the Vision to Life

Federation is required for cloud computing to be successful, particularly as computing needs continue to expand. Enterprise users want to take advantage of all the capabilities available in the cloud but without the complexity or risk. The ability to federate this heterogeneous ecosystem is to create a uniform environment spanning external and internal clouds which is going to allow IT organizations to meet user and corporate needs with an agility and economy not previously possible. CloudSwitch is part of an emerging ecosystem that’s making federated cloud a reality.

3.2.3 Two-Layer Connectivity for Cloud Federation

Hybrid clouds are achieving almost universal buy-in because of the way enterprises use the cloud. As the hybrid model federates internal and external resources, so customers can choose the most appropriate match for workload requirements. The approach is already transforming enterprise computing, enabling a new generation of dynamic applications and deployments, such as:

Using multiple clouds for different applications to match business needs

Allocating components of an application to different environments (e.g., compute vs database tiers), whether internal or external ("application stretching")

Moving an application to meet requirements at specific stages in its lifecycle, from early development through scale testing, pre-production and ultimately full production scenarios

Moving workloads closer to end users across geographic locations, including user groups within the enterprise, partners and external customers

Most cloud architectures are built with routing topologies, where each cloud is a separate network with its own addressing scheme and set of attributes. This means that all address settings for applications deployed to the cloud have to be changed to those assigned by the cloud provider. It also means that applications and services running internally that need to interact with the cloud have to be updated to match the cloud provider’s requirements. The result is lots of re-configuring and re-architecting so the organization’s core network can communicate with the new external resources, exactly the opposite of the agile environment that cloud computing promises to deliver.

Enterprise customers and technology leaders are now seeing a broad recognition that cloud federation requires bridging connectivity. Cloud Bridge by Citrix is a confirmation that tight network integration is critical for successful cloud deployments.  Although it’s great to see others now starting down the path of better cloud networking, it is critical that enterprises realize that this level of network integration also requires heightened security for cloud deployments, remember that the user are now blending the cloud networks with their internal networks.  That is why CloudSwitch has developed a comprehensive solution that not only provides full network control independent of what networking gear the cloud provider has chosen but also secures and isolates customers’ data and communications completely through our Cloud Isolation Technology.

For hybrid computing to succeed, the cloud needs to appear like a resource on the customer network and an application running in the cloud needs to behave as if it’s running in the data center. With innovations that make the cloud a seamless, secure extension of the internal environment, CloudSwitch helps customers turn the hype around hybrid cloud into reality.

3.3 Cloud Ecosystem Model

3.3.1 Cloud Ecosystem

Cloud ecosystem is a term used to describe the complex system of interdependent components that work together to enable cloud services.

Merriam-Webster defines an ecosystem as "the complex of a community of organisms and its environment functioning as an ecological unit". In terms of cloud computing, that complex includes not only traditional elements of cloud computing such as software and infrastructure but also consultants, integrators, partners, third parties and anything in their environments that has a bearing on the other components.

Werner Vogels, CTO of Amazon, discussed the cloud ecosystem in a keynote address at Cloud Connect 2011. According to Vogels, the traditional concept of cloud services creates a metaphorical pyramid out of infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS) and software-as-a-service (SaaS), which limits the way we think about them. Vogels suggested that a better way of thinking of the cloud environment was to think of everything as a service.

3.3.2 Cloud broker & Cloud agent

A cloud broker is a third-party individual or business that acts as an intermediary between the purchaser of a cloud computing service and the sellers of that service.

The broker's role may simply to save the purchaser time by researching services from different vendors and providing the customer with information about how to use cloud computing to support business goals. In such a scenario, the broker works with the customer to understand work processes, provisioning needs, budgeting and data management requirements. After the research has been completed, the broker presents the customer with a short list of recommended cloud providers and the customer contacts the vendor(s) of choice to arrange service.

A cloud broker may also be granted the rights to negotiate contracts with cloud providers on behalf of the customer. In such a scenario, the broker is given the power to distribute services across multiple vendors in an effort to be as cost-effective as possible, in spite of any complexity that negotiations with multiple vendors might involve. The broker may provide the customer with an application program interface (API) and user interface (UI) that hides any complexity and allows the customer to work with their cloud services as if they were being purchased from a single vendor.

In addition to acting as an intermediary for contract negotiations, a cloud broker might also provide the customer with additional services, facilitating the deduplication, encryption and transfer of the customer's data to the cloud and assisting with data lifecycle management (DLM).

The business model for cloud brokerage is still evolving. At its simplest, the customer may hire a broker at the beginning of a project and pay the broker an hourly fee for their time. A broker providing more robust services, however, may charge the customer on a sliding scale, depending on what services the customer contracts for. A broker may also partner with one or more cloud service providers and take a small percentage of the cloud provider's profit as remuneration, once the customer has arranged service.

A cloud broker is a software application that facilitates the distribution of work between different cloud service providers. This type of cloud broker may also be called a cloud agent.

3.3.3 Cloud Outlook for 2012

A description...

Fig 14: Cloud Outlook

Looking back, we have experienced another phenomenal year for cloud growth in 2011, showing the increasing rate of cloud adoption and implementations in various regions. Figure 14 shows that the areas of growth that has happened / will be happened in coming years. Areas such as i) big cloud data, ii) business cloud, iii) mobile cloud and iv) gamification cloud are the key trends. The following are the areas that highlight the key trends:

Big Data Cloud - The amount of data created and replicated in 2011 surpassed 1.8 ZB. It is estimated by IDC that the total size of data in the data universe will reach 8 ZB by 2015 and nearly 20% of the information will be touched by cloud - about 1.5 ZB will be stored and processed in a cloud. The big data cloud enables an economical way to extract value from very large volumes of a wide variety of data by high-velocity capture, discovery, transformation and analysis. 

Business Cloud - The cloud delivery model will go beyond the traditional software (SaaS), platform (PaaS), infrastructure (Iaas) and business process (BPaaS) to a more business-oriented cloud model. Business-context clouds are anticipated to align directly with the industry verticals and offer unique solutions addressing the specific business and technical challenges in the individual sectors, such as healthcare and financial services. 

Mobile Cloud - Mobile applications will continue to grow with the social capabilities and innovative mobility devices, which will drive the accelerated progress of cloud computing to empower the users and consumerisation: anybody, anywhere, anytime and any device. The mobile cloud will push many organizations to rethink their business models.

Gamification Cloud - More leveraging of the game design techniques and mechanics is expected to innovatively solve problems and proactively engage audience. The gamification cloud will make technology edutainment, guide a participant with a path to mastery and autonomy, encourage users to involve in desired behaviors and make use of humans' psychological predisposition to engage in gaming. A versatile gamification cloud platform tends to emerge and ramp up in 2012.

3.3.4 Cloud Unified Process (CUP)

Ivar Jacobson, one of the famous "Three Amigos", who invented UML, once said: "we need to fundamentally reengineer the way we design, configure, teach, adopt and deploy process". What he emphasized is very true for the cloud computing paradigm at the current stage of its advancement. A holistic process model for systematic cloud adoption and implementation is lacking but it is a mandate for organizations of all sizes. This leads to Cloud Unified Process (CUP).

Cloud Unified Process is an end-to-end iterative and incremental process structure for the development and operations of cloud services in a lifecycle fashion. The key characteristics of CUP include: i) Goal-oriented, ii) Use case-focused, iii) Role-based, iv) Architecture-centric, v) Risk-aware, vi) Iteration-centered, vii) Model-driven, viii) Product-neutral, ix) Vendor- agnostic and x) Technology-independent.

The core benefits of CUP are more focused effort, built-in flexibility, time savings, higher quality, increased cost effectiveness and reduced project risks.

The CUP framework is composed of a hierarchical structure. The top level of CUP comprises five components: Strategize, Transform, Operationalize, Run and Enrich (STORE) (figure 15). At the second level, each component is further decomposed into individual sub-components, with more granular details. Further, the inputs, activities and outputs for every process step are prescribed in the framework, coupled with other artifacts, such as key objectives and practice guidance. One of the biggest challenges in the cloud endeavor is how to make up a comprehensive action plan systematically.

A description...

A description...

Fig 15 Cloud Unified Process (CUP)

A unified road mapping framework that systemizes the comprehensive strategization and operationalization of cloudification, composed of 4 incremental stages: Plan, Adopt, Transform and Harness (PATH). Different road mapping which are best practices to execute PATH are: Alignment, Blueprint, Checklist and Discipline (ABCD).

3.4 Cloud Governance

3.4.1 Taking steps to clarify cloud governance

The concept of "governance" means different things to different people and in fact, even the word itself is open to debate. However, no matter how you slice it, the consensus is that governance will play a crucial role in the cloud computing and can complement governance existing processes.

Cloud services are standardized offerings that are delivered through a common service catalogue. The services are rapidly provisioned and delivered out of a highly elastic and scalable infrastructure with a pay-as-you-go model, said by Ric Telford, vice president of cloud services at IBM.

Just as with traditional back office applications, compliance is key. "Anything that an organization could engage in that would need to be monitored by senior management at least on an occasional basis to make sure that the company is behaving properly in the modern world" should be governed, says Denis Pombriant, managing principal analyst of Beagle Research Group.

In cloud computing, providers should be transparent about the services that they offer, with clearly stated service-level agreements. At the same time, enterprises need to assume responsibility to ensure that mission critical business processes are safely supported by on-demand technology to minimize the loss of service and data loss, he added.

Governance in the cloud means the same as governance in SOA, except service level is 1,000 times more important. Developers that consume third-party services through interfaces across the Web need to know about SLAs. One of the piece of [cloud] governance is to provide that crucial information.

Cloud computing causes good IT governance and a focus on IT governance leads to the cloud. If the user is building a cloud, it will have the attributes of good governance, such as financial visibility into the cost of services and the ability to more accurately deliver on SLAs by taking control over how resources are provisioned.

IT organizations seek to adopt the benefits of cloud computing, it's important that they do it in a way that aligns with their own IT governance strategies. Cloud adoption, should be done in a way that does not disrupt but reinforces governance processes.

One of the unsung benefits of cloud computing is reintroducing the centralized control enjoyed during mainframe era. Some SalesForce customers are using the cloud to eliminate rogue applications in their organizations that can cause compliance issues, including databases and spreadsheets, he noted.

Software-as-a-service and platform-as-a-service have huge potential for governing applications. Xactium produces a SalesForce-hosted service for managing corporate governance, risk and compliance requirements.

The cloud enables enterprises to provide central points of information for sharing and managing risk data. When the user turn a spreadsheet into a cloud application that is then part of multi-tenant platform, it becomes controllable and manageable by the IT department and data is accessible across the organization, or can be invisible. While the cloud may offer advantages in enforcing governance processes, the onus is still on the developer to manage services from the easiest stages of development.

Customers should do some due diligence on development technologies that help to maintain governance regardless of what environment they run. Cloud databases still must have built in audit trails, he noted.

Organizations that use cloud services also need a way to validate services and have rules and policies around users. Cloud server templates should be trusted enough to be launched predictably and automatically and in that way, they become a tool for governance and compliance management, he observed. On-demand vendors operate a myriad of data centers that have extraordinary policies for redundancy and security, including physical security, which most enterprises lack. However, cloud services are most often used to handle front office data and that the most sensitive information in the enterprise, such as consumer credit card data still resides on internal servers.

Some people think that it's a fad and don't have a cloud strategy but when user is focused on IT governance and do the right things with architecture and strategy they have basically built a cloud. Cloud computing is the evolution of optimized and well-defined IT infrastructure.

3.4.2 SOA and Cloud Governance

Cloud computing is starting to take hold, especially in the marketing literature of vendors and consulting firms. Yet, there is an increasing number of Cloud success stories, ranging from simplistic consumption of utility Services and offloading of compute resources to the sort of application and process clouds. Perhaps the reason why usage of the Cloud is still nascent in the enterprise is because of an increasing chorus of concerns being voiced about the usage of Cloud resources:

Cloud availability

Cloud security

Erosion of data integrity

Data replication and consistency issues

Potential loss of privacy

Lack of auditing and logging visibility

Potential for regulatory violations

Application sprawl & dependencies

Inappropriate usage of Services

Difficulty in managing intra-Cloud, inter-Cloud and Cloud and non-Cloud interactions and resources

The above issues are primarily, if not exclusively, governance concerns. In many ways, we can apply what we’ve already learned, implemented and invested in SOA Governance directly to issues of Cloud Governance. However, SOA and Cloud, while complementary, are not equivalent concepts. There are a wide range of patterns and usage considerations that are either new to the SOA Governance picture or ones that we were able to gloss over. To make Cloud computing a success, we need to make Cloud governance a success. So, what can we apply from our existing SOA governance knowledge and what new things do companies need to consider?

3.4.3 Design-Time Cloud Governance

Designing Services to be deployed in the Cloud is much like designing Services for our own SOA infrastructure. In fact, that is why most Cloud infrastructure providers, whether they are third-party Cloud providers like Amazon.com or self-hosting Cloud infrastructure vendors, pitch the simplicity of Cloud Service development and deployment. However, within this simple mode there are some demerits, and users may think it is hard to get the developers on the same page with regards to Service development. Like the early days of Web Services-centric SOA development, companies faced developers hacking out a wide array of incompatible "Just a Bunch of Web Services (JBOWS)" style Services thrown on the network, now to face the same issue in the Cloud.

With the simplicity of Cloud Service development, deployment and consumption, developers can use Cloud capabilities undetected by IT management. It’s not unusual for a developer to interact with an Amazon Machine Image (AMI) image for a project. And to make matters worse, not everyone creating or consuming Cloud Services will even be from within the IT department.

SOA governance tools are often missing in the Cloud Computing environment. There’s no central point for a Cloud consumer / developer to view the Services and associated policies. Furthermore, design-time policies are easily enforceable when user has control over the development and quality assurance process but those are notoriously lacking in the Cloud environment. The result is that design-time policies are not consistently enforced on client side, if at all. Clearly, SOA governance vendors and best practices need to step up to the plate here and apply for SOA registries/repositories and governance processes to give the control that’s needed to avoid chaos and failure. This means that IT needs to provide the enterprise a unified, Service-centric view of IT environment across the corporate data center and the Cloud.

3.4.4 Run-Time Cloud Governance

Making matters worse are a collection of run-time and policy issues that are complicated by Cloud computing infrastructure. Furthermore, systems are unlikely to have the same security standards as internally. This means that our security policies need to be that much more granular. User cannot count on using perimeter-based approaches to secure your data or Service access. Every message needs to be scrutinized and need to separate Service and data policy definition from enforcement. The Cloud doesn’t simplify security issues it complicates and exacerbates them. However, there’s nothing new here. Solid SOA security approaches, such as "trust no one" approach and the Cloud is simply another infrastructure for enforcing these already stringent security policies.

An effective Cloud governance approach must provide the means to control, monitor and adapt Services, both with on-premises and Cloud-based implementations and needs to provide consistency across internal SOA & cloud SOA. To make this concept a reality, we need management and governance that spans SOA infrastructure boundaries.

Furthermore, companies need to implement usage policies to control the excessive and potentially expensive, use of Cloud Services in unauthorized ways. One way to solve this problem is through the use of network intermediaries and gateways that keep a close eye on traffic between the corporate network and the Cloud. Intermediaries can scan cloud-bound data for leakage of private or company-sensitive data, filter traffic sent up to cloud platforms, apply access policies to Cloud Services, provide visibility into authorized and unauthorized usage of Cloud Services and prevent unsanctioned use of Cloud Services by internal staff, among other benefits. Of course, these benefits do not extend to intra-Cloud Service consumption but can provide a lowest common denominator of runtime governance required by the organization.

3.4.5 Change Management and Cloud Governance

The last major Cloud governance issue is one of change management. How do the user prevent versioning of Cloud Services or even Cloud infrastructure from having significant repercussions? Proper Cloud governance techniques need to lift a page from the SOA governance book and deal with versioning at all levels: Service implementation, contract, process, infrastructure, policy, data and schema.

SOA is an architectural approach and philosophy guiding the development and management of applications. Cloud is a deployment and operational model suited to host certain types of Services within an existing SOA initiative. The Cloud concept within the SOA context is one of Service infrastructure, implementation, composition and consumption. The SOA concept within the Cloud context is one of application-level abstraction of Cloud resources. Therefore, think of Cloud Governance as evolved SOA governance.

Companies with a proper SOA governance should have few problems as they move to increasingly utilize Cloud services but those who have failed to take either an architectural perspective on Cloud or have glossed over SOA governance issues will be forced to quickly get a SOA perspective to get things right. In order for these both to work together, companies need to have a consistent SOA and Cloud Governance strategy.

3.4.6 SOA and cloud governance: the 11 stages of a service lifecycle

In the life of every SOA-enabled or cloud service, there are 11 key stages that can help mean the difference between the services getting lost as shelf ware in some forgotten directory, versus being the key to greater business agility. The stages of the service lifecycle should be as follows:

SOA Adoption Planning: Decisions are made regarding scope of planned service inventory, milestones, timelines, governance systems and management systems.

Service Inventory Analysis: Defining the service inventory to identify service candidates and ensure there is no overlap with existing services. A service inventory blueprint comes out of this stage.

Service-Oriented Analysis (Service Modeling): The first phase in the service delivery cycle begins with preparatory information-gathering that leads to creation of service candidates.

Service-Oriented Design (Service Contract): Produces service contracts in support of the "contract-first" approach to software development. Includes authoring of the service-level agreement

Service Logic Design: The logic that will be responsible for carrying out the tasks in the service contract is expressed.

Service Development: In PaaS cloud models, the service development platform itself may be offered by a ready-made environment.

Service Testing: Newly delivered services need to be tested individually and as part of service compositions.

Service Deployment and Maintenance: The actual implementation of a service into a production environment.

Service Usage and Monitoring: The ongoing monitoring of an active service generates metrics for measuring service usage, such as scalability, reliability, cost of ownership and ROI.

Service Discovery: Identify existing agnostic services within a given service inventory for automating processes.

Service Versioning and Retirement: Make changes to existing services in production environments, increase functional scope, or replace services with minimal disruption to service consumers.

3.4.7 Successful Cloud Governance and Adoption

Cloud computing introduces new security risks and compromises the traditional control of IT. Therefore, it is imperative that IT management establish firm control and oversight of cloud initiatives. Cloud governance, which is a logical evolution of current service-oriented architecture (SOA) governance strategies, offers a means to assert control over both internal and external applications and data.

Cloud governance provides a unified, application-centric view of IT throughout the corporate data center and into the cloud. It clears the way for secure, managed and incremental cloud adoption. But cloud governance can go badly if implemented too hastily or as an afterthought. The following are 5 tips to follow for successful cloud governance:

1: Start with enforcement

In cloud environments, distributed enforcement is a more difficult and more pressing problem than asset management. Look first for a policy enforcement point that simultaneously answers both of these needs. This offers immediate standalone value but with the ability to integrate with heavyweight registry or repositories when this need develops.

2: Form factors

Enforcement and monitoring must scale with no functional differences, from the wiring closet to the virtual cloud. Hardware appliances will always have their place but now so do virtual appliances that enforce policies and are capable of rapidly deploying in the cloud.

3: Distributed, virtualized management

Management systems for policy enforcement, whether on-site in traditional SOA or in the clouds, need to be distributable so that there is no single point of failure. These consoles manage mission-critical applications. If a local network becomes segmented or a cloud provider is inaccessible, the management components should be locally available on every enforcement point.

4: The ability to maintain a central system of record for critical assets

There must be a central, authoritative system of record for assets such as policies. Think of this as a library storing the laws of the land the police reference it but certainly not on every call.

5: Loose coupling is a must between enforcement points and repository

Enforcement points must not be tightly bound to central repositories because of the latency and reliability issues in the cloud.

Summary

The material in this chapter is the foundation for numerous topics that you will encounter in subsequent chapters. For example, Chapter 1 which deals with cloud technology such as life cycle model, cloud modeling and references, which will form a basic for the Cloud Architecture described in Chapter 2. In this chapter, we took a closer look towards logical architecture of cloud, holistic cloud reference model and answer why we need holistic cloud management. The concepts of convolution and correlation are explained in Chapter 3, where basics of cloud modeling are explained and how a cloud can be an eco-friendly and used to build cloud governance model.